--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2018-9c38d1dc1d
2018-08-14 21:06:35.949541
--------------------------------------------------------------------------------Name        : php-symfony3
Product     : Fedora 28
Version     : 3.4.14
Release     : 1.fc28
URL         : http://symfony.com
Summary     : Symfony PHP framework (version 3)
Description :
Symfony PHP framework (version 3).

NOTE: Does not require PHPUnit bridge.

--------------------------------------------------------------------------------Update Information:

## 3.4.14 (2018-08-01)   * security #cve-2018-14774 [HttpKernel] fix trusted
headers management in HttpCache and InlineFragmentRenderer (nicolas-grekas)  *
security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky
HTTP headers (nicolas-grekas)  * bug #28003 [HttpKernel] Fixes invalid
REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet
(netiul)  * bug #28007 [FrameworkBundle] fixed guard event names for transitions
(destillat)  * bug #28045 [HttpFoundation] Fix Cookie::isCleared (ro0NL)  * bug
#28080 [HttpFoundation] fixed using _method parameter with invalid type
(Phobetor)  * bug #28052 [HttpKernel] Fix merging bindings for controllers'
locators (nicolas-grekas)  ## 3.4.13 (2018-07-23)   * bug #28005 [HttpKernel]
Fixed templateExists on parse error of the template name (yceruto)  * bug #27997
Serbo-Croatian has Serbian plural rule (kylekatarnls)  * bug #26193 Fix false-positive deprecation notices for TranslationLoader and WriteCheckSessionHandler
(iquito)  * bug #27941 [WebProfilerBundle] Fixed icon alignment issue using
Bootstrap 4.1.2 (jmsche)  * bug #27937 [HttpFoundation] reset callback on
StreamedResponse when setNotModified() is called (rubencm)  * bug #27927
[HttpFoundation] Suppress side effects in 'get' and 'has' methods of
NamespacedAttributeBag (webnet-fr)  * bug #27923 [Form/Profiler] Massively
reducing memory footprint of form profiling pages... (VincentChalnot)  * bug
#27918 [Console] correctly return parameter's default value on "--" (seschwar)
* bug #27904 [Filesystem] fix lock file permissions (fritzmg)  * bug #27903
[Lock] fix lock file permissions (fritzmg)  * bug #27889 [Form] Replace
.initialism with .text-uppercase. (vudaltsov)  * bug #27902 Fix the detection of
the Process new argument (stof)  * bug #27885 [HttpFoundation] don't encode
cookie name for BC (nicolas-grekas)  * bug #27782 [DI] Fix dumping ignore-on-uninitialized references to synthetic services (nicolas-grekas)  * bug #27435
[OptionResolver] resolve arrays (Doctrs)  * bug #27728 [TwigBridge] Fix missing
path and separators in loader paths list on debug:twig output (yceruto)  * bug
#27837 [PropertyInfo] Fix dock block lookup fallback loop (DerManoMann)  * bug
#27758 [WebProfilerBundle] Prevent toolbar links color override by css (alcalyn)
* bug #27834 [DI] Don't show internal service id on binding errors (nicolas-grekas)  * bug #27831  Check for Hyper terminal on all operating systems.
(azjezz)  * bug #27794 Add color support for Hyper terminal . (azjezz)  * bug
#27809 [HttpFoundation] Fix tests: new message for status 425 (dunglas)  * bug
#27618 [PropertyInfo] added handling of nullable types in PhpDoc (oxan)  * bug
#27659 [HttpKernel] Make AbstractTestSessionListener compatible with
CookieClearingLogoutHandler (thewilkybarkid)  * bug #27752 [Cache] provider does
not respect option maxIdLength with versioning enabled (Constantine Shtompel)  *
bug #27776 [ProxyManagerBridge] Fix support of private services (bis) (nicolas-grekas)  * bug #27714 [HttpFoundation] fix session tracking counter (nicolas-grekas, dmaicher)  * bug #27747 [HttpFoundation] fix registration of session
proxies (nicolas-grekas)  * bug #27722 Redesign the Debug error page in prod
(javiereguiluz)  * bug #27716 [DI] fix dumping deprecated service in yaml
(nicolas-grekas)
--------------------------------------------------------------------------------ChangeLog:

* Wed Aug  1 2018 Shawn Iwinski  - 3.4.14-1
- Update to 3.4.14 (CVE-2018-14773 / CVE-2018-14774)
- Add conflict php-composer(phpdocumentor/type-resolver) < 0.3.0
* Fri Jul 13 2018 Fedora Release Engineering  - 3.4.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jun 25 2018 Shawn Iwinski  - 3.4.12-1
- Update 3.4.12
* Mon May 28 2018 Remi Collet  - 3.4.11-1
- update to 3.4.11
* Thu May 24 2018 Remi Collet  - 3.4.10-1
- update to 3.4.10
- ignore new dependency on symfony/polyfill-ctype
* Fri May  4 2018 Remi Collet  - 3.4.9-1
- update to 3.4.9
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1611906 - CVE-2018-14773 php-symfony: Legacy HTTP headers allow users to modify URLs and bypass restrictions
        https://bugzilla.redhat.com/show_bug.cgi?id=1611906
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-9c38d1dc1d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEXOLS5O7DVCCNWZY5TXF4UW5O2KP2HK/